// java.io / java.util.Properties: reading the shadow.properties credential store
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
// java.security: needed by sha256()
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
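/**
 * JAAS login module that authenticates a user against a {@code shadow.properties} file.
 *
 * <p>For a user {@code u} the file is read for three keys: {@code u.salt}, {@code u.password}
 * (lower-case hex SHA-256 of the password followed by the salt) and, optionally,
 * {@code u.groups} (comma-separated group names). After a successful login, {@link #commit()}
 * adds one {@code PlainUserPrincipal} for the user and one {@code PlainRolePrincipal} per group
 * to the subject; {@link #logout()} removes them again.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A single salted SHA-256 round is cheap to brute-force if the shadow file leaks. Moving
 *       to a deliberately slow scheme (for example {@code PBKDF2WithHmacSHA256} through
 *       {@code javax.crypto.SecretKeyFactory}) requires re-hashing every stored record, so the
 *       stored format is left unchanged here.</li>
 *   <li>The shadow file is opened by relative name, so it is resolved against the JVM working
 *       directory. Deploy it where only the service account can read or write it.</li>
 *   <li>Every failure path denies access: an unreadable store, a missing record or a missing
 *       callback handler all end in a {@link LoginException}.</li>
 * </ul>
 *
 * <p>Instances are not thread-safe; the fields are written without synchronization.
 *
 * @author Nicolas Fränkel
 * @since 2 avr. 2009
 */
public class PlainLoginModule implements LoginModule {

    /** Credential store; relative, hence resolved against the JVM working directory. */
    private static final String SHADOW_FILE = "shadow.properties";

    /** Shared result for users without any group entry. */
    private static final String[] NO_GROUPS = new String[0];

    /** Digits used by {@link #sha256(String)} for its lower-case hex output. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /** Callback handler to store between initialization and authentication. */
    private CallbackHandler handler;

    /** Subject to store. */
    private Subject subject;

    /** Login name. */
    private String login;

    /** Group names of the authenticated user; consumed by commit() and logout(). */
    private String[] groups;

    /** True once login() has verified the credentials for this attempt. */
    private boolean loginSucceeded;

    /** True once commit() has started adding principals to the subject. */
    private boolean committed;

    /**
     * Undoes this module's part of an authentication attempt that failed overall.
     *
     * @return {@code false} if this module's own login did not succeed (nothing to undo),
     *         {@code true} once its state and any committed principals have been cleaned up
     * @throws LoginException if committed principals cannot be removed from the subject
     * @see javax.security.auth.spi.LoginModule#abort()
     */
    @Override
    public boolean abort() throws LoginException {
        if (!loginSucceeded) {
            return false;
        }
        if (committed) {
            logout();
        } else {
            clearState();
        }
        return true;
    }

    /**
     * Adds the user principal and one role principal per group to the subject.
     *
     * @return {@code false} if login() did not succeed for this module, {@code true} otherwise
     * @throws LoginException if the principals cannot be created or added
     * @see javax.security.auth.spi.LoginModule#commit()
     */
    @Override
    public boolean commit() throws LoginException {
        // Never hand out principals for an identity that was not verified by login().
        if (!loginSucceeded) {
            return false;
        }
        try {
            // Flag first so that abort()/logout() also cleans up a partially completed commit.
            committed = true;
            subject.getPrincipals().add(new PlainUserPrincipal(login));
            // One role principal for each group listed in shadow.properties.
            for (String rol : groups) {
                subject.getPrincipals().add(new PlainRolePrincipal(rol));
            }
            return true;
        } catch (Exception e) {
            // Broad on purpose: the principal constructors are declared outside this file.
            throw failure("Unable to attach principals to the subject", e);
        }
    }

    /**
     * Stores the subject and callback handler and resets any state left from an earlier attempt.
     * Shared state and options are ignored.
     *
     * @see javax.security.auth.spi.LoginModule#initialize(javax.security.auth.Subject,
     *      javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
     */
    @Override
    public void initialize(Subject aSubject, CallbackHandler aCallbackHandler,
            Map<String, ?> aSharedState, Map<String, ?> aOptions) {
        handler = aCallbackHandler;
        subject = aSubject;
        clearState();
    }

    /**
     * Collects name and password through the callback handler and verifies them against the
     * salted hash stored in {@code shadow.properties}.
     *
     * @return {@code true} when the credentials match
     * @throws FailedLoginException if the name or password is missing or does not match; the
     *         message is the same in every case so it does not reveal whether the user exists
     * @throws LoginException if no handler is set, the callbacks fail or the store is unreadable
     * @see javax.security.auth.spi.LoginModule#login()
     */
    @Override
    public boolean login() throws LoginException {
        loginSucceeded = false;
        if (handler == null) {
            throw new LoginException("No CallbackHandler available to collect credentials");
        }

        NameCallback nameCallback = new NameCallback("login");
        // echoOn=false: the password must not be displayed while it is typed.
        PasswordCallback passwordCallback = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] {nameCallback, passwordCallback});
        } catch (IOException | UnsupportedCallbackException e) {
            throw failure("Unable to collect credentials", e);
        }

        String name = nameCallback.getName();
        char[] secret = passwordCallback.getPassword(); // a copy of the callback's buffer
        passwordCallback.clearPassword();
        try {
            // One snapshot of the store serves both the credential check and the group lookup.
            Properties shadow = loadShadow();
            boolean accepted = name != null
                    && !name.isEmpty()
                    && secret != null
                    && verifyCredentials(shadow, name, String.valueOf(secret));
            if (!accepted) {
                throw new FailedLoginException("Authentication failed");
            }
            // commit() creates principals from these values and logout() removes them.
            login = name;
            groups = getUserGroups(shadow, name);
            loginSucceeded = true;
            return true;
        } catch (IOException e) {
            // Fail closed: an unreadable store never authenticates anyone.
            throw failure("Credential store unavailable", e);
        } finally {
            // Best effort; the String handed to sha256() stays on the heap until collected.
            if (secret != null) {
                Arrays.fill(secret, '\0');
            }
        }
    }

    /**
     * Reads the whole shadow file.
     *
     * @throws IOException if the file is missing or cannot be read
     */
    private Properties loadShadow() throws IOException {
        Properties shadow = new Properties();
        try (InputStream in = new FileInputStream(SHADOW_FILE)) {
            shadow.load(in);
        }
        return shadow;
    }

    /**
     * Returns the groups listed under {@code username.groups}, e.g. {"ana", "dir"}.
     * Names are trimmed and empty entries dropped, so a blank or missing value yields an empty
     * array instead of a role with an empty name.
     */
    private String[] getUserGroups(Properties shadow, String username) {
        String listed = shadow.getProperty(username + ".groups");
        if (listed == null) {
            return NO_GROUPS;
        }
        List<String> names = new ArrayList<String>();
        for (String part : listed.split(",")) {
            String groupName = part.trim();
            if (!groupName.isEmpty()) {
                names.add(groupName);
            }
        }
        return names.toArray(new String[0]);
    }

    /**
     * Checks the supplied password against the stored salted hash of user {@code nom}.
     *
     * @return {@code false} if the salt or hash entry is missing or the hashes differ
     */
    private boolean verifyCredentials(Properties shadow, String nom, String passInput) {
        String salt = shadow.getProperty(nom + ".salt");
        String storedHash = shadow.getProperty(nom + ".password");
        // Deny authentication when either entry is absent from the shadow file.
        if (salt == null || storedHash == null) {
            return false;
        }
        String computedHash = sha256(passInput + salt);
        // MessageDigest.isEqual compares without an early exit on the first differing byte.
        return MessageDigest.isEqual(
                storedHash.getBytes(StandardCharsets.UTF_8),
                computedHash.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns the SHA-256 digest of {@code s} as 64 lower-case hex characters.
     *
     * <p>The input is encoded as UTF-8 so the result does not depend on the platform charset.
     * NOTE(review): hashes of non-ASCII passwords created on a JVM whose default charset was not
     * UTF-8 will no longer match; confirm before deploying against an existing store.
     *
     * @throws IllegalStateException if the runtime offers no SHA-256 implementation; returning
     *         a placeholder value instead could be mistaken for a real hash by a caller
     */
    public static String sha256(String s) {
        MessageDigest digest;
        try {
            digest = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is not available", e);
        }
        byte[] hash = digest.digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            hex.append(HEX_DIGITS[(b >> 4) & 0x0F]).append(HEX_DIGITS[b & 0x0F]);
        }
        return hex.toString();
    }

    /**
     * Removes the principals this module added and forgets the authenticated identity.
     *
     * @return always {@code true}
     * @throws LoginException if the principals cannot be removed from the subject
     * @see javax.security.auth.spi.LoginModule#logout()
     */
    @Override
    public boolean logout() throws LoginException {
        try {
            if (subject != null && login != null) {
                // NOTE(review): removal by a fresh instance presumably relies on the principal
                // classes implementing equals()/hashCode() by name - confirm in those classes.
                subject.getPrincipals().remove(new PlainUserPrincipal(login));
                if (groups != null) {
                    for (String rol : groups) {
                        subject.getPrincipals().remove(new PlainRolePrincipal(rol));
                    }
                }
            }
            return true;
        } catch (Exception e) {
            throw failure("Unable to remove principals from the subject", e);
        } finally {
            clearState();
        }
    }

    /** Forgets the identity of the current attempt. */
    private void clearState() {
        login = null;
        groups = null;
        loginSucceeded = false;
        committed = false;
    }

    /** Builds a LoginException that keeps the original exception as its cause. */
    private static LoginException failure(String message, Throwable cause) {
        LoginException wrapped = new LoginException(message);
        wrapped.initCause(cause);
        return wrapped;
    }
}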